Sending encrypted workflow notification emails

Text Widget

This is a text widget. The Text Widget allows you to add text or HTML to your sidebar. You can use a text widget to display text, links, images, HTML, or a combination of these. Edit them in the Widget section of the Customizer.

Search

Does business require to send encrypted workflow notification emails in synch with your company’s security requirements? The following steps describe how to do it using CRM Online and Office 365.

Office 365 Message Encryption requires the Azure Rights Management service. Once you have a subscription to this service, you can activate it as described in the following procedure. For more information about this requirement, see Prerequisites for using Office 365 Message Encryption.

3. Set up Azure Rights Management for Office 365 Message Encryption

Once you have Azure Rights Management, the next step is to set up Azure Rights Management for Office 365 (Exchange Online) message encryption. We will use Windows Power Shell to connect to Exchange Online and accomplish this step. (More information how to Connect to Exchange Online using PowerShell)

Open a PowerShell windows as Administrator and execute the following PowerShell commands:

Run the following command to import the Trusted Publishing Domain (TPD) from RMS Online:

Import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”

To verify that you successfully configured IRM in Exchange Online to use the Azure Rights Management service, run the following command:

Test-IRMConfiguration -RMSOnline

Among other things, the command checks connectivity with the RMS Online service, downloads the TPD, and checks its validity. If everything is OK, you should see as result of the test: ‘Overall result: pass’.

Run the following commands to disable IRM templates from being available in OWA and Outlook and then enable IRM for your cloud-based email organization to use IRM for Office 365 Message Encryption.

To disable IRM templates in OWA and Outlook:

Set-IRMConfiguration -ClientAccessServerEnabled $false

To enable IRM for Office 365 Message Encryption:

Set-IRMConfiguration -InternalLicensingEnabled $true

To test the IRM functionality, run the following command, where you use your username instead of administrator@encryptedwfmail.onmicrosoft.com:

4. Define rules to encrypt email messages

The next step is to define the conditions when we want to encrypt an email. In our case, email encryption is only needed when the body of the email contains the following phrase: ‘(This email was encrypted using Microsoft Office 365)’

It can be defined in the Exchange Admin Center (EAC), which can be accessed within Office 365 via Admin > Exchange:

From the EAC, go to mail flow > rules:

Select + > Create a new rule…

Enter the Name (for example ‘Encrypted CRMONL workflow email’) and click on the More options… button in the opening pop-up window as shown below:

Then specify when the rule should be applied. So select The subject or body > subject or body matches these text patterns:

5. Create a test CRM workflow and test it

The final step is to create a workflow where we want to use the email encryption and test it in practice.

We are creating a simple workflow which is fired when an account is created and sends an encrypted notification email. Assuming that the reader is familiar with the Dynamics CRM workflow basic, the relevant parts are highlighted here.

When you define the workflow, specify the

Process Name: Account create – encrypted mail

Entity: Account

Category: Workflow

Start condition: Record is created

Step: Send email: Create new message

as shown below:

And add the email properties as the following:

The key elements of the workflow notification email is the last sentence in the message body – (This email was encrypted using Microsoft Office 365) – which should be the same string as we defined the message encryption rule.

Let’s Save and Activate the workflow, before we can test our work.

Finally, to test our work, first let’s create a new account in CRM:

Then we receive the encrypted account creation notification email, which is actually an html email attachment:

When we try to open the html file in a browser, we have two options:

Sign in with our Office 365 credentials or

Use a one-time passcode

Now, using the one-time passcode option, we will get another email including the one-time passcode:

After specifying the passcode, we can read the workflow notification email: